News

Resources

Bitdefender, a leading global cybersecurity company protecting over 500 million users worldwide, continues to innovate with the introduction of “Detection of Cyberbullying and Online Predators” features included in Parental Control... Read More

BUCHAREST, Romania/SANTA CLARA, Calif, September 17, 2018 – a leading global cybersecurity company protecting over 500 million users across 150 countries, announced today that CRN®, a brand of The Channel... Read More

Terdot: Zeus-based malware strikes back with a blast from the past

Malware authors are surely known for their ability to fly under the radar. But every once in a while, details about their operations surface on the web. This is the case of a handful of malware operations that managed to gain unwanted attention by having their source code leaked. Mirai, KINS, Carberp and Zeus are among the malware families that went “open-source”, either voluntarily or because of operational negligence. And when this happens, high-quality code is rapidly adopted and integrated by less-skilled criminal groups looking for shortcuts to financial success.

Particularly interesting about Terdot, though, is that, just like the Netrepser targeted attack, it leverages legitimate applications such as certificate injection tools for nefarious purposes, rather than specialized utilities developed in house. Another discovery worth mentioning is that, even if Terdot is technically a Banker Trojan, its capabilities go way beyond its primary purpose: it can also eavesdrop on and modify traffic on most social media and email platforms. Its automatic update capabilities allow it to download and execute any files when requested by its operator, meaning it can develop new capabilities.

This whitepaper is a technical analysis of the Terdot, a Banker Trojan that derives inspiration from the 2011 Zeus source code leak.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

About the author

Eduard BUDACA

Eduard Budaca is an antimalware researcher at Bitdefender. When not dissecting malware, he enjoys coding and playing video games. While perhaps too meticulous at times, he believes that digging deeper into the matter is often the only way to make sure that what you see is actually true.